0

I'm using an HTTP resource path to execute a backend action instead of providing a resource. An example would be adding a holiday feature to a holiday package on a travel website:

/holiday/Paris/feature/canal-trip

In this example the feature canal-trip would be added to my planned trip to Paris. After this action there might be a redirect to the main resource page.

It's clear that this is not strictly a REST resource GET, however I wonder:

  • how much this is a REST violation?
  • what disadvantages this could cause? (If the action path is not indexed by search engines.)
  • what is a better way to provide a path where visitors can execute an action on behalf of a resource?

For this issue let's say CSRF is not an issue - the action is harmless. The most similar question I've found is this: REST actions and URL API design considerations - however in my case I have no intention to make it a real REST endpoint. Only would like to avoid violations.

itarato
  • 795
  • 1
  • 8
  • 24
  • It boils down to trade off between whether you want to provide this endpoint as a rest api based endpoint for consumers of your product, or you have implemented it just for sake of simplicity of implementation of logistics of your product. – MohitC Oct 16 '17 at 21:48
  • Let's say the latter one - only for convenience, definitely not putting a real REST resource on the same path. – itarato Oct 16 '17 at 21:50

1 Answers1

0

how much this is a REST violation?

Pretty hard. An important part of REST is the notion of a uniform interface -- the idea that consumers and intermediaries don't need to know any details about any specific resource. That in turn depends on a resource respecting the semantics of the messages that are exchanged.

In the case of HTTP, a GET message is supposed to be safe; in 2002, Fielding offered this clarification.

HTTP does not attempt to require the results of a GET to be safe. What it does is require that the semantics of the operation be safe, and therefore it is a fault of the implementation, not the interface or the user of that interface, if anything happens as a result that causes loss of property (money, BTW, is considered property for the sake of this definition).

.

what disadvantages this could cause? (If the action path is not indexed by search engines.)

Because the operation is supposed to be safe, any consumer or intermediary component is permitted to speculatively fetch the resource. In your case, that would mean features being added to trips without action by the end consumer.

what is a better way to provide a path where visitors can execute an action on behalf of a resource?

Use one of the unsafe http methods (like POST) to achieve the result you want.

Community
  • 1
  • 1
VoiceOfUnreason
  • 52,766
  • 5
  • 49
  • 91